Trusted Defense Systems Strategy

Basic Tenets

• Prioritization:

- Focus security requirements on mission critical systems

- Within systems, identify and protect critical components, technology, and information

• Comprehensive Program Protection Planning

- Early lifecycle identification of critical components

- Provide PMs with analysis of supply chain risk

- Protect critical components through trusted suppliers or secure systems design

- Assure systems through advanced vulnerability detection, test and evaluation

- Manage counterfeit risk through sustainment

• Partner with Industry

- Develop commercial standards for secure products

• Enhance capability through R&D

- Leverage and enhance vulnerability detection tools and capabilities

- Technology investment to advance secure software, hardware, and system design methods
Ensuring Confidence in Defense Systems

• Threat: nation-state, terrorist, criminal, or rogue-developer actors who:

- Gain control of systems through supply chain opportunities

- Exploit vulnerabilities remotely

• Vulnerabilities

- All systems, networks, and applications

- Intentionally implanted logic

- Unintentional vulnerabilities maliciously exploited (e.g., poor quality or fragile code)

• Traditional Consequences: Loss of critical data and technology

• Emerging Consequences: Exploitation of manufacturing and supply chain

• Either can result in corruption and loss of confidence in critical warfighting capability

Today's acquisition environment drives the increased emphasis:

Then                        Now
Stand-alone systems     >>> Networked systems
Some software functions >>> Software-intensive
Known supply base       >>> Prime integrator, hundreds of suppliers
CPI (technologies)      >>> CPI and critical components
Program Protection Policy Framework

DoDI 5000.02 Enclosure 14: Program Protection

- PPP for every program at every milestone
- Identify CPI and critical functions/components
- Use Intelligence/Counterintelligence support to identify threats
- Use cost-effective countermeasures to mitigate risk
- Include IA Strategy with PPP
- Incorporate in T&E to ensure implementation

DoDI 5200.39, Protection of CPI (Signed)

Focus: Protect leading-edge research and technology from battlefield loss and unauthorized transfer

Countermeasures: Anti-Tamper, Classification, Export Control, Security, Foreign Disclosure, and CI activities

DoDI 5200.mm, Trusted Systems and Networks (Draft)

Focus: Protect mission-critical functionality from compromise through system design or supply chain exploit

Countermeasures: Supply Chain Risk Management (SCRM), Software Assurance (SwA), System Security Engineering (SSE)

DoDD 8500.01, Information Assurance

Focus: Assure confidentiality, integrity, and availability of information and information systems

Countermeasures: IA Controls (technical, process, management, awareness & training, etc.)

Complementary framework enables comprehensive Program Protection
Program Protection Embedded in Technical Reviews

[Figure: defense acquisition lifecycle with Program Protection overlaid. Top row: Strategic Guidance (OSD/JCS) and Joint Concepts (COCOMs) feed the CBA and ICD. Phases and decision points left to right: Materiel Solution Analysis (with the AoA), MS A, Technology Development (CDD), Pre-EMD Review, MS B, Engineering & Manufacturing Development (CPD), MS C, Production and Deployment, FRP Decision or FDD Review, O&S. The SE Technical Reviews ASR, SRR, SFR, PDR and CDR are marked along the timeline, and the SEP and PPP are shown as program documents carried through the milestones.]

Program Protection Analysis at SE Technical Reviews (SETRs)

Focus Scope of Protection

Protect Capability from Supply Chain/System Design Exploit

• Supply Chain Risk Management

• Software Assurance

• Information Assurance

Protect Advanced Technology Capability from Foreign Collection/Design Vulnerability

• Export Control

• Security

Integrated Process to Manage Security Risks

• Foreign Collection

• Design Vulnerability

• Supply Chain Exploit/Insertion

Emphasizing Use of Affordable, Risk-based Countermeasures
Risk Assessment Methodology

Input Analysis Results:

Criticality Analysis Results

Mission   | Critical Functions | Logic-Bearing Components (HW, SW, Firmware) | System Impact (I, II, III, IV) | Rationale
Mission 1 | CF 1               | Processor X                                 | II                             | Redundancy
Mission 1 | CF 2               | SW Module Y                                 | I                              | Performance
Mission 2 | CF 3               | SW Algorithm A                              | II                             | Accuracy
Mission 2 | CF 4               | FPGA 123                                    | I                              | Performance

Vulnerability Assessment Results

Critical Components (HW, SW, Firmware) | Identified Vulnerabilities | Exploitability | System Impact (I, II, III, IV) | Exposure
Processor X    | Vulnerability 1  | Low      | II | Low
               | Vulnerability 4  | Medium   |    | Low
SW Module Y    | Vulnerability 1  | High     | I  | High
               | Vulnerability 2  | Low      |    | Low
               | Vulnerability 3  | Medium   |    | Medium
               | Vulnerability 6  | High     |    | Low
SW Algorithm A | None             | Very Low | II | Very Low
FPGA 123       | Vulnerability 1  | Low      | I  | High
               | Vulnerability 23 | Low      |    | High

Supplier Risk Analysis Results

Supplier   | Critical Components (HW, SW, Firmware) | Analysis Findings
Supplier 1 | Processor X                            | Supplier Risk
Supplier 1 | FPGA 123                               | Supplier Risk
Supplier 2 | SW Algorithm A                         | Cleared Personnel
Supplier 2 | SW Module Y                            | Cleared Personnel

Risk Mitigation and Countermeasure Options

[Figure: the three analysis results feed a 5x5 risk matrix. Vertical axis, Consequence of Losing Mission Capability: Very High, High, Moderate, Low, Very Low. Horizontal axis, Likelihood of Losing Mission Capability: Near Certainty (VH), Highly Likely (H), Likely (M), Low Likelihood (L), Not Likely (VL). Critical components are plotted on a first matrix as the Initial Risk Posture; a second matrix shows their positions after Risk Mitigation Decisions.]
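The three analysis tables feed the matrix, but the slide does not state how exploitability, exposure, system impact and supplier findings combine into a consequence/likelihood cell. The following added example (not from the briefing) encodes the slide's four components and applies one plausible set of combining rules, marked as assumptions in the code, to produce the initial posture and the posture after two hypothetical mitigation decisions: sourcing FPGA 123 from a trusted supplier, and SwA remediation of two SW Module Y findings. The impact-to-consequence mapping, the weakest-link likelihood rule, the supplier-risk bump and the cell thresholds are all assumptions.

```python
"""Risk posture from criticality, vulnerability and supplier analyses.

Added worked example, not from the original briefing. It encodes the three
input tables on the slide (Processor X, SW Module Y, SW Algorithm A, FPGA 123)
and derives each component's position on the consequence/likelihood matrix.
The combining rules (impact-to-consequence mapping, weakest-link likelihood,
supplier-risk bump, cell thresholds) are ASSUMPTIONS for illustration; the
briefing shows the flow but does not state them.
"""
from dataclasses import dataclass, field

LEVELS = ["VL", "L", "M", "H", "VH"]          # index 0..4, shared by both axes
LIKELIHOOD_NAMES = {"VL": "Not Likely", "L": "Low Likelihood", "M": "Likely",
                    "H": "Highly Likely", "VH": "Near Certainty"}
CONSEQUENCE_NAMES = {"VL": "Very Low", "L": "Low", "M": "Moderate",
                     "H": "High", "VH": "Very High"}
# Assumed: system impact category (criticality analysis) -> consequence level.
IMPACT_TO_CONSEQUENCE = {"I": "VH", "II": "H", "III": "M", "IV": "L"}


@dataclass
class Vulnerability:
    name: str
    exploitability: str   # VL..VH
    exposure: str         # VL..VH


@dataclass
class Component:
    name: str
    system_impact: str                      # I..IV from criticality analysis
    vulns: list = field(default_factory=list)
    supplier_risk: bool = False             # True if supplier analysis flagged risk


def likelihood(c: Component) -> str:
    """Assumed rule: exploiting a flaw needs both an exploitable weakness and
    exposure to the attacker, so each vulnerability contributes the lower of
    the two; the component takes its worst vulnerability; an unmitigated
    supplier-risk finding raises it one level (supply chain insertion path)."""
    idx = max((min(LEVELS.index(v.exploitability), LEVELS.index(v.exposure))
               for v in c.vulns), default=0)
    if c.supplier_risk:
        idx = min(idx + 1, 4)
    return LEVELS[idx]


def consequence(c: Component) -> str:
    return IMPACT_TO_CONSEQUENCE[c.system_impact]


def risk_rating(c: Component) -> str:
    """Assumed 5x5 cell thresholds on the (consequence + likelihood) index sum."""
    score = LEVELS.index(consequence(c)) + LEVELS.index(likelihood(c))
    return "High" if score >= 6 else "Moderate" if score >= 4 else "Low"


def posture(components):
    """Map component name -> (consequence, likelihood, rating) for one matrix."""
    return {c.name: (CONSEQUENCE_NAMES[consequence(c)],
                     LIKELIHOOD_NAMES[likelihood(c)],
                     risk_rating(c)) for c in components}


def mitigate(c: Component, *, trusted_supplier=False, remediated=()) -> Component:
    """Return a copy reflecting a countermeasure decision: sourcing from a
    trusted supplier clears the supplier-risk finding; software assurance
    remediation removes the named vulnerabilities."""
    return Component(c.name, c.system_impact,
                     [v for v in c.vulns if v.name not in remediated],
                     supplier_risk=c.supplier_risk and not trusted_supplier)


# Slide data (values as shown in the three analysis tables).
PROCESSOR_X = Component("Processor X", "II",
                        [Vulnerability("Vulnerability 1", "L", "L"),
                         Vulnerability("Vulnerability 4", "M", "L")], supplier_risk=True)
SW_MODULE_Y = Component("SW Module Y", "I",
                        [Vulnerability("Vulnerability 1", "H", "H"),
                         Vulnerability("Vulnerability 2", "L", "L"),
                         Vulnerability("Vulnerability 3", "M", "M"),
                         Vulnerability("Vulnerability 6", "H", "L")])
SW_ALGORITHM_A = Component("SW Algorithm A", "II")          # no identified vulns
FPGA_123 = Component("FPGA 123", "I",
                     [Vulnerability("Vulnerability 1", "L", "H"),
                      Vulnerability("Vulnerability 23", "L", "H")], supplier_risk=True)
INITIAL = [PROCESSOR_X, SW_MODULE_Y, SW_ALGORITHM_A, FPGA_123]

# Two hypothetical mitigation decisions: trusted source for the FPGA, and
# SwA remediation of the two worst SW Module Y findings.
MITIGATED = [PROCESSOR_X,
             mitigate(SW_MODULE_Y, remediated={"Vulnerability 1", "Vulnerability 3"}),
             SW_ALGORITHM_A,
             mitigate(FPGA_123, trusted_supplier=True)]

if __name__ == "__main__":
    for label, comps in (("Initial risk posture", INITIAL),
                         ("After risk mitigation decisions", MITIGATED)):
        print(label)
        for name, (cons, like, rating) in posture(comps).items():
            print(f"  {name:15} consequence={cons:10} likelihood={like:15} -> {rating}")
```

Under these assumed rules SW Module Y and FPGA 123 start in the High band (impact I with a High-exploitability, High-exposure finding, and impact I with a supplier-risk finding, respectively), Processor X is Moderate, and SW Algorithm A is Low. The mitigation pass moves both High items to Moderate by attacking the dominant likelihood driver for each: the supply chain path for the FPGA, the worst findings for the software module. Whatever rules a program adopts, the point is that they be written down so that the posture a PPP reports is reproducible from the three analyses.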
International Community System Assurance Activities

• ISO/IEC 15026 - System and Software Engineering - Systems and Software Assurance

- Establishes common assurance concepts, vocabulary, integrity levels and lifecycle

• ISO/IEC 27036 - IT Security Techniques - Supplier Relationships

- Establishes techniques between acquirer and supplier for supply chain risk management

• International Council on Systems Engineering (INCOSE)

- Systems Security Engineering (SSE) working group established to develop SSE updates to the INCOSE SE Handbook

• The Open Group (TOG)

- The Open Trusted Technology Provider Framework (O-TTPF) - open standard that codifies best practices across the entire lifecycle, covering:

  - Product Development
  - Secure Engineering
  - Supply Chain Integrity

- http://www.opengroup.org/ogttf/
System Security Engineering (SSE) Research Activities

DoD is leveraging the Systems Engineering Research Center (SERC), a DoD University Affiliated Research Center led by Stevens Institute with over 20 collaborating university partners, to advance SSE

• Published the SSE Research Roadmap in August 2010

- Outlines approach for advancing SSE definitions, metrics, frameworks, and human capital through coordinated research modules

- Captures input from 50+ industry, academia, and government experts

• Conduct follow-on research into "System Aware" Security

- Prototype secure design patterns and study system performance impacts:

  - Physical and virtual configuration hopping
  - Diverse redundancy of components
  - Voting mechanisms

- Develop scoring model for evaluating efficacy of security solutions:

  - Identify contribution of individual security services
  - Determine effectiveness of security services within a security architecture
  - Evaluate cost and collateral impacts
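As an added illustration of two of the design patterns listed above, diverse redundancy and voting, the following Python example (not SERC's prototype; the three integer square root implementations, the implanted trigger value and the voter policy are constructed for this example) shows a majority voter masking an implant in one of three diverse implementations and naming the dissenting component. It also shows the failure mode the diversity requirement exists to prevent: when two channels share the same code, a shared implant wins the vote.

```python
"""Diverse redundancy with a majority voter.

Added illustration of the 'diverse redundancy of components' and 'voting
mechanisms' patterns named on the slide. It is not SERC's prototype: the three
implementations, the implanted trigger value and the voter policy are all
constructed for this example.
"""
import math
from collections import Counter


class VoteFailure(Exception):
    """No value reached the required quorum; the voter fails safe, not open."""


# Three independently written implementations of one critical function
# (integer square root). Diversity is the point: a flaw or implant in one
# implementation is unlikely to be replicated in the others.
def isqrt_newton(n: int) -> int:
    if n < 2:
        return n
    x = n
    while True:
        y = (x + n // x) // 2
        if y >= x:
            return x
        x = y


def isqrt_bisect(n: int) -> int:
    lo, hi = 0, n
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid * mid <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


def isqrt_library(n: int) -> int:
    return math.isqrt(n)


def implanted_isqrt(n: int) -> int:
    """Constructed stand-in for 'intentionally implanted logic': correct on
    every input except one trigger value, where it returns a wrong answer."""
    if n == 1_000_000:            # trigger value chosen for this example
        return 999
    return isqrt_newton(n)


def implanted_isqrt_reused(n: int) -> int:
    """Second 'redundant' channel built by reusing the implanted code: it
    inherits the implant, so the redundancy is not diverse."""
    return implanted_isqrt(n)


def vote(impls, n, quorum=None):
    """Run every implementation on n; return (majority value, names of the
    dissenting implementations). quorum defaults to a strict majority."""
    results = {f.__name__: f(n) for f in impls}
    counts = Counter(results.values())
    value, support = counts.most_common(1)[0]
    needed = quorum if quorum is not None else len(impls) // 2 + 1
    if support < needed:
        raise VoteFailure(f"no value reached quorum {needed}: {results}")
    dissenters = [name for name, r in results.items() if r != value]
    return value, dissenters


def vote_or_fail_safe(impls, n, quorum=None):
    """Fail-safe wrapper: None instead of a value when no quorum is reached,
    so a caller cannot act on an unverified output."""
    try:
        return vote(impls, n, quorum)[0]
    except VoteFailure:
        return None


if __name__ == "__main__":
    diverse = [implanted_isqrt, isqrt_bisect, isqrt_library]
    print(vote(diverse, 12345))          # implant dormant: all agree
    print(vote(diverse, 1_000_000))      # implant masked, dissenter named
    non_diverse = [implanted_isqrt, implanted_isqrt_reused, isqrt_library]
    print(vote(non_diverse, 1_000_000))  # shared implant wins the vote
    print(vote_or_fail_safe(diverse, 1_000_000, quorum=3))  # unanimity demanded: None
```

Two practical points follow from the runs. First, the dissenter list is the detection signal: a channel that is outvoted on an input the others agree on is evidence of a dormant trigger and should be logged and investigated, not just masked. Second, voting only buys what diversity pays for; the scoring model the slide calls for would need to credit the voter only in proportion to how independent the channels actually are, and demanding unanimity on the most critical outputs trades availability for the fail-safe path shown last.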
In Summary

• Holistic approach to security is critical

- To focus attention on the threat

- To avoid risk exposure from gaps and seams

• Program Protection Policy provides overarching framework for trusted systems

- Common implementation processes are beneficial

• Stakeholder integration is key to success

- Acquisition, Intelligence, Engineering, Industry, and Research Communities are all stakeholders

• Systems engineering brings these stakeholders, risk trades, policy, and design decisions together

- Informing leadership early; providing programs with risk-based options

Questions?